The author is a Forbes contributor. The opinions expressed are those of the writer.

Loading ...

Loading ...

This story appears in the {{article.article.magazine.pretty_date}} issue of {{article.article.magazine.pubName}}. Subscribe

Imagine if Vlad the Impaler Had A Computer

Way back in January 2007 – before the onset of the Great Recession, before the euro crisis -- a federal grand jury sitting in New Haven, CT returned an indictment charging Romanian citizens Ciprian Dumitru Tudor, Mihai Cristian Dumitru, and others with running an online phishing scheme.

My, how our global village has become so much cozier. Was a time when all we knew about Romania was that it was the land of vampires, Count Dracula -- the real-life Vlad the Impaler. A few centuries later and, in the name of progress, Romania has become the land of Vlad the Emailer.

Gothic horror stories aside, federal prosecutors found little quaint about the online crimes emanating out of Romania. Nearly three years after the initial Indictment, in November 2010, a Superseding Indictment fleshed out the case against Tudor, Cumitru, and 12 others.

Just as vampire hunters must await the sunrise in hopes of entering the crypt and driving the wooden stake through the living dead's blackened heart, the feds bided their time. Waiting. Waiting for just the right moment when they could swoop down upon the Romanians and nail them. Consequently, the Superseding Indictment was kept under wraps -- "sealed" in more legal jargon -- pending the ability of the United States to secure the extradition of the defendants responsible for the phishing crimes.

Phishing: An Internet scheme that fraudulently targets recipients' email accounts in order to obtain private personal and financial information. This scam generally involves the transmittal of e-mail messages, which are made to appear as if they originated from legitimate banks, financial institutions or other companies. Unwary recipients reply to requests for information contained in the bogus messages or are directed to seemingly authentic websites and asked to fill-out online forms. In fact, the bogus messages have directed the victims to bogus websites where the submitted personal/financial information will be mined by criminals in furtherance of identity theft, money laundering, and other scams.

I’m sure – I’m positive – that many (if not most) of you have received a phishing email. You may have been savvy enough to spot the warning signs of such crap and quickly marked it as spam or deleted it. If you weren’t so lucky, you may have entered the digital equivalent of Hell.

People's Bank

In this case, the Indictment alleges that in June 2005, one or more of the defendants sent spam e-mail purporting to be from Connecticut-based People’s Bank. The e-mail stated that the recipient’s online banking access profile had been locked and instructed recipients to click on a link, which would take them to the bank's web page, where they could enter information to “unlock” their profile.

No! Don't do it!! STOP!!!

Those who received this phishing email should never, ever have clicked on the link. If you receive such a message, you would be better advised to telephone the bank to confirm the authenticity of the message; and don't use the phone numbers provided on the phishing email because they may be bogus. If you must, separately log on to what you know to be the bank's real URL -- get the phone numbers from your old records or do an online search. Open up a separate computer window and access the bank’s authentic website and see if there are any messages to you on that page – or you could access any existing online “Help” lines. What you should never do is respond to such queries by clicking on links provided in the spam mail.

WARNING!!!: If you have clicked on the email and opened it, there is a chance that you have downloaded a virus. It gets even worse. As you continue to use your computer, that virus may be capturing the names of the websites you visit, retrieving your account ID and passwords. In less time than it takes to pound a stake through a vampire's heart, your financial accounts could be wiped out and your credit ruined.

If you think that you've been targeted by a phishing email, get the hell offline. Immediately.

You should have already installed a malware and anti-virus program on your computer. Make sure that such programs have downloaded the most current virus alerts -- if your program is not current, you may scan your drive and get a "No Virus Found" confirmation, but that scan may not have included the virus that was created last week and included in the updated download that you failed to install.

Once you're offline, run your malware/anti-virus programs. Don't do anything else. If you are notified by your program that your computer has been compromised, quarantine the flagged files and delete them. If you don't know what you're doing but you're told that your drive has been hit, spend a few bucks and hire a professional to clean your system.

One last warning, be careful about downloading those free malware/anti-virus programs -- some of the sites offering such help are themselves frauds and will phish your information when you fill out their online forms, or, even worse, the freebie software that you will download is a trojan. Here the cure may be worse than the disease. Think of it as a vampire's bite.

The unfortunates who clicked on the link provided by the defendants in this case wound up on a web page that, for all intents and purposes, really appeared to be People’s Bank. Ah, but the for all intents and purposes is what kills you here. The bank website wasn’t what it seemed. In reality, it was a fake web page on a fake website that was hosted on a computer that had nothing to do with People’s Bank. The personal and financial information that worried email recipients so quickly provided was transmitted by email to one or more of the defendants or to a s0-called “collector” account (set up as a repository for the phished records).